4. PfSense 2.1 build 20130911-1816 - Directory Traversal

PfSense 2.1 build 20130911-1816 - Directory Traversal

  • P

    копипаста  http://ru.1337day.com/exploit/21827
    <authenticated users="" with="" only="" permission="" to="" access="" some="" packages="" in="" web="" gui<br="">(a.k.a. webConfigurator) will be able to escalate themselves to other
    privileged admin by reading /conf/config.xml file through bugs (i.e. Snort
    LFI), result in fully compromise the pfSense.

    This attack abuse the user privilege scheme with some of official packages
    (System > Package Manager)

    • Session Hijacking also possible to steal less privileged user sessions to
      perform this trick  due to "http" admin by default webConfigurator.></authenticated>
    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy